Mon-Thu 09:00-19:00 | Fri 09:00-17:00

Photograph of Public Health Wales patient blank medical history form

Public Health Wales has confirmed it has been subject to a data breach in which thousands of Welsh residents who have tested positive for COVID-19 have had their personal details breached.

The incident occurred on 30 August 2020, when the personal data of 18,015 Welsh residents who have tested positive for coronavirus was uploaded to a public server by mistake due to human error, where it was searchable by anyone who was using the site. The data was uploaded to the Public Health Wales COVID-19 dashboard on the Health Protection Tableau thumbnail page. It occurred when a member of the Public Health Wales staff was uploading data to the Tableau, which is a business intelligence software used by Public Health Wales, and the member of staff accidentally clicked publish on the public-facing server rather than the internal restricted one.

Once they were alerted to the breach, Public Health Wales said the data was removed the next morning on the 31 August 2020. They confirmed that in the 20 hours it was online, it had been viewed 56 times, but they cannot determine who by.

Public Health Wales said in a statement that the risk of people being identified from the information released was low and that there has been no evidence at this stage that the data has been misused.

What personal data was breached?

Photograph of female doctor with forms and laptop searching for the COVID-19 patients data breach

In the majority of cases, for 16,179 people, the information consisted of their initials, date of birth, geographical area, and sex. However, for 1,926 people living in nursing homes or similar settings such as supported housing, or residents who share the same postcode as these settings, the information also included the name of the setting.

The health body said in a statement:

“A risk assessment has been conducted and legal advice has been sought, both of which advise that the risk of identification of the individuals affected by this data breach appears low. There is no evidence at this stage that the data has been misused. However, we recognise the concern and anxiety this will cause and deeply regret that on this occasion we have failed to protect Welsh residents’ confidential information.”

Public Health Wales went on to say that the Information Commissioner’s Office and Welsh Government have been informed and they have commissioned an external investigation into the full circumstance surrounding the data breach.

How to know if you have been affected by the Public Health Wales coronavirus patient’s data breach

Vial of blood market with a positive coronavirus test

The personal data that was breached was for every Welsh resident who has tested positive for COVID-19 between 27th February 2020 and the 30th of August 2020. So, if you fall into this category then you may have been affected by this breach and could be entitled to claim compensation for this breach of your personal information.

Public Health Wales has stated that they will not be contacting all those affected because the risk to them is considered low. However, if you are concerned that your data or that of a close family member may have been breached, you should contact Public Health Wales at PHW.data@wales.nhs.uk or 0300 003 0032 to discuss your concerns.

What to do if you have been involved in the data protection breach

Blue doctor's notebook with coronavirus patient data marked with the label "Diagnosis: Coronavirus"

If you have fallen victim to a data protection breach, where your personal and private information has not been stored safely then you could be entitled to claim compensation. You have the right to have your personal information kept private. A data protection breach can cause emotional distress and, in some cases, financial losses to those affected, and claiming compensation can help you to get your life back on track and recover any losses that may have come because of it.

Under General Data Protection Regulation (GDPR), by law, public bodies and private companies who collect a significant amount of sensitive information about people have to store the data responsibly and can be prosecuted if they do not do so. You can be entitled to claim compensation for:

  • Misuse of private information
  • Loss of control of data
  • Breach of confidence
  • Financial Loss
  • Damage
  • Distress
  • Human rights breaches


HNK Solicitors can help with your data protection claim

HNK Solicitors have a team of expert data protection claim solicitors who have years of experience in handling data breach claims, and successfully holding public bodies to account and obtaining compensation for those affected. We provide free no-obligation consultations to all our clients, and can even offer a no-win, no-fee agreement dependent on the details of your case. To find out more about pursuing a claim for a data breach, visit our data protection claims page, or contact us at 0151 203 1104 or enquiries@hnksolicitors.com.

Related Posts

Get in touch

Fill out the below form and one of our advisors will get in touch to arrange a consultation about your claim.

Recent Articles

A raised fist of a protestor at a political demonstration
Does the new policing act affect my right to protest?
September 20, 2023
Picture of a Metropolitan Police station with a blue light outside
Metropolitan Police data breach: The Met Police suffer an IT security breach potentially affecting thousands of police officers and staff, which could do ‘incalculable damage in the wrong hands’
September 6, 2023
Image of a police interview. A woman police officer is interviewing a male who is holding his head in his hands. The officer is pointing to a picture on the table.
Can you be charged without being interviewed in the UK?
August 30, 2023
Call Us Claim Now